RiskWatch for Financial Institutions™ creates a comprehensive compliance risk assessment (the required self-assessment) to match the FFIEC guidelines: IT, FFIEC, Information Technology (IT) Examination Handbook, RED FLAG, GLBA and more. The software includes the risk assessment compliance template, including role-based compliance questions, directly based on requirements, as well as web-based survey programs, and a complete written report, augmented by working papers that explain how each element was generated. FINISH YOUR RED FLAG ASSESSMENT with Easy to Use, Affordable Software. It includes complete assessment versions for GLBA (Gramm Leach Bliley), the Red Flag Identity Theft Standard and Bank Secrecy Act (BSA) assessment standards. Sarbanes Oxley (SOX) is also available upon request. Web-based or server-based online questionnaires make it easy to gather role-based data, and generate management reports with working papers and complete audit trails. The only fully standardized way to meet the new Red Flag and risk assessment requirements, RiskWatch for Financial Institutions is used by banks, insurance companies, trusts and savings banks other technical service providers such as payment processors.

1. HOW TO DO RISK ASSESSMENTS AND DEMONSTRATE COMPLIANCE WITH FFIEC & BSA RiskWatch for Financial Institutions

2. RiskWatch for Financial Institutions Regulator-Approved Software to Self-Assess against FFIEC 2006 Guidelines & Pandemic Flu

8. NEW FFIEC Guidance, July 27, 2006

16. From the Gartner Group Report “ RiskWatch, Inc., is positioned as the leading "rescuer" of a massive private and public market constrained by fear of loss in terms of dollars and human life. Its unique form of rescue is in its before-the-fact nature. The RiskWatch tools credibly guide the users through a process to qualify its security situation concerning threats, assets, potential loss, vulnerabilities, and safeguards. The client has the opportunity to establish its own image and foundation of security through RiskWatch's regulatory and quality compliance and accreditation tools and functions . Through its quantitative methods and automated functions, RiskWatch arms the analysts and decision-makers with a solid risk management analysis based on the ALE balanced with the ROI. Once the client establishes the security policies—the plan is deployed and its life cycle managed within the framework of RiskWatch. RiskWatch brings financially realized value to the client and the management vehicle and standards to follow”.

19. RiskWatch Clients

20. RISKWATCH ® Risk Assessment Process Automated Survey Management Process Management Data Aggregation & Analysis Content (Rules & Data) Risk Analysis Customization Reporting Respondents Analyst(s)

21. ELEMENTS OF A METRICS-BASED RISK ASSESSMENT APPROACH ASSETS THREATS VULNERABILITIES LOSSES SAFEGUARDS

22. Data Aggregation & Analysis Financial Data Software Automatically Analyses Over 3 Million Linking Relationships Risk = Asset  Loss  Threat  Vulnerability Loss Delays & Denials Fines Disclosure Modification Direct Loss Asset Applications Database Financial Data Hardware System Software Threat Disclosure Hackers Fraud Viruses Network Attack Loss of Data Embezzlement Vulnerability Acceptable Use Disaster Recovery Authentication Network Controls No Security Plan Accountability Privacy Access Control Fines Disclosure Modification Fraud Loss of Data Acceptable Use Authentication Privacy Access Control

23. Progress at a Glance – Tracks the Case

24. Valuing Assets – RiskWatch Auto- Populates Asset Values

26. THREAT FREQUENCIES ARE PROVIDED AND CAN ALSO BE TAILORED WITH CUSTOMER DATA SUCH AS PENETRATION TEST DATA

27. Web-Based Surveys Facilitate Respondent Answers Automated Survey Management

28. YOU CAN SELECT QUESTIONS THAT MAP EXACTLY TO THE FFIEC, ISO-17799, GLBA or SB 1386 STANDARD

29. Each question uses actual security regulations as control standards and is linked to appropriate Functional Areas

30. Respondents Can Answer Questions over the Web with full ASP functionality

33. INCLUDES ALL IT-REQUIRED SAFEGUARD CATEGORIES

34. EACH POTENTIAL SAFEGUARD INCLUDES DEFAULT VALUES FOR COST, MAINTENANCE AND LIFE CYCLE

35. Reports Results From Dozens Of Employees Are Instantly Aggregated And Analyzed.

37. MITIGATION STRATEGIES 1. Accept Risk 2. Transfer Risk 2. Mitigate Risk 3. Better Risk Reactions 5. Dealing with Residual Risk

38. The Case Summary Report Is Pre-Written for Management

39. EASY TO UNDERSTAND GRAPHS ILLUSTRATE OVERALL COMPLIANCE VS. NON-COMPLIANCE

40. Vulnerability Distribution Report Shows the Weak Compliance/ Security Areas

41. Vulnerability Distribution Report Shows the Weak Compliance/ Security Areas

42. Track Compliance by Individual

43. Vulnerability reports include complete audit trails and powerful analysis tools

44. Looking at Loss Expectancy by Type of Loss

46. SAFEGUARD REPORT -- RECOMMENDED CONTROLS BY RETURN ON INVESTMENT

47. Demonstrates Reduction in Loss Expectancy by Applying Overlapping Layers of Protection from Implementing Top Recommended Controls

49. www.riskwatch.com